Technical Tip: Fortinet Single Sign-On (FSSO) stops working after upgrading FSSO Collector Agent

This article describes why Fortinet Single Sign-On (FSSO) stops working after upgrading to FSSO Collector Agent 5.0.0290.

It has been noticed Fortinet Single Sign-On Agent service appears to be stopped; however, when trying to restart the service, it stops again shortly after.

If it is verified that the FSSO CA debug logs, an error 'cannot bind to UDP socket' can be found.

Starting FSSO Collector Agent build 5.0.0290, the FSSO Collector Agent includes a Syslog service that runs on UDP port 514.

If UDP port 514 is already in use by another application/service/server on the Windows machine running the FSSO Collector Agent, this error, while running FSSO, 'cannot bind to UDP socket' can be seen.

To verify the same, open the command prompt, run as administrator.

Enter the command 'netstat –anbo | find ":514"', which will show Active Connections along with the listening port number.

On FSSO Agent build 5.0.0290 and later, under Advanced Settings -> Syslog source list -> Uncheck 'Enable this feature', since it is also using port 514.

After disabling the FSSO Collector Agent’s Syslog functionality, the FSSO Collector Agent should start successfully.